Description
Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive information or bypass authentication mechanisms.
Published: 2026-03-12
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Data Extraction
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an SQL injection in the Email parameter of loginaction.php, allowing unauthenticated attackers to craft SQL payloads via POST requests. This enables extraction of sensitive database information and bypassing authentication mechanisms, exposing confidential data and permitting unauthorized access. The weakness is reflected in CWE-89.

Affected Systems

Affected vendor: Netartmedia, product: Netartmedia Deals Portal. No specific version information is supplied by the CNA; therefore all deployed instances of the deals portal are potentially at risk.

Risk and Exploitability

The CVSS score of 8.8 indicates high severity. EPSS <1% suggests low current exploitation probability, but the vulnerability remains significant as it requires no authentication and can be triggered remotely over HTTP. The vulnerability is not listed in the CISA KEV catalog. Attackers can exploit it by sending crafted POST requests to loginaction.php without prior access.

Generated by OpenCVE AI on March 18, 2026 at 14:39 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply vendor patch or update the Netartmedia Deals Portal to the latest secure version.
  • Implement input validation and sanitization for the Email parameter.
  • Deploy a web application firewall to block known SQL injection payload patterns.
  • Monitor web and database logs for abnormal query activity.
  • Verify that default or unused administrative credentials are changed.

Generated by OpenCVE AI on March 18, 2026 at 14:39 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 12 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 12 Mar 2026 16:00:00 +0000

Type Values Removed Values Added
Description Netartmedia Deals Portal contains an SQL injection vulnerability in the Email parameter of loginaction.php that allows unauthenticated attackers to manipulate database queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive information or bypass authentication mechanisms.
Title Netartmedia Deals Portal Lastest SQL Injection via loginaction.php
First Time appeared Netartmedia
Netartmedia real Estate Portal
Weaknesses CWE-89
CPEs cpe:2.3:a:netartmedia:real_estate_portal:*:*:*:*:*:*:*:*
Vendors & Products Netartmedia
Netartmedia real Estate Portal
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N'}

cvssV4_0

{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Netartmedia Real Estate Portal
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-12T16:39:38.129Z

Reserved: 2026-03-12T14:23:34.000Z

Link: CVE-2019-25531

cve-icon Vulnrichment

Updated: 2026-03-12T16:39:24.484Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-12T16:16:07.013

Modified: 2026-03-12T21:07:53.427

Link: CVE-2019-25531

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:49:13Z

Weaknesses